Home > Endpoint Management > Monitoring and Reporting > Activation Lock for iOS Devices

Activation Lock for iOS Devices

Apple device have a security feature called Activation Lock, which prompts for Apple ID credentials after a device is factory reset if Find My iPhone/iPad was still enabled at the time of reset, or if the device was in enrolled in Systems Manager through DEP without disabling the Activation Lock. This makes it difficult for someone to use or sell an Apple device if it is lost or stolen. 

 

The ability to manage the Activation Lock state on Apple devices depends on whether the devices are supervised or unsupervised.  If a device is supervised, administrators can force enable Activation Lock, and clear the Activation Lock state remotely. 

Enable Activation Lock 

To enable activation lock on supervised iOS devices:

  1. Go to Manage > Settings and create a "Privacy and Lock" configuration profile 
  2. Check the box for "Allow activation lock"
  3. Scope the configuration profile to the desired tags and save
    clipboard_e293f2c0409bb8635f4aeb7f288ad6a6f.png

Warning: For DEP-enrolled devices Activation Lock is enabled by default. To prevent devices from requiring a bypass code or Apple ID sign in when they are factory reset, create and appropriately scope a "Privacy and Lock" configuration profile with "Allow activation lock" unchecked before the devices are enrolled. Any devices which are currently Activation Lock enabled will need to have Activation Lock bypassed or Apple ID signed in after factory reset.

 

Checking Activation Lock

Quickly checking all devices' current Activation Lock state is easy in Systems Manager. Go to the Systems Manager > Devices list and add the column (+) for Activation Lock: 

 

Screen Shot 2019-06-10 at 1.11.31 PM.png

Bypass Activation Lock

Systems Manager has a feature called Activation Lock Bypass to circumvent the Apple activation lock. Bypass Activation Lock can be performed on a single device at a time, or for all enrolled devices at once. Bypassing Activation Lock requires device's meet a few prerequisites. 

Prerequisites 

To remotely bypass Activation Lock, the following criteria must be met:

  • The target device must be enrolled in a Systems Manager network
  • The target device is running iOS 7.1 or greater
  • The target device must be supervised, using Apple Configurator or Apple's DEP
  • The target device must enrolled via DEP or Find My iPhone/iPad must be enabled by signing into an iCloud account on the device. 

Bypass Activation Lock - Single Device


Once the prerequisites are met, the Activation Lock Bypass tools will appear under the MDM commands section of the device details page.

Note: The device must be supervised and enrolled in Systems Manager prior to Find my iPad/iPhone being enabled.

clipboard_e53c70325f00e23f3bcfb088516505ed7.png

 

The Disable activation lock command automatically releases the iOS device from an activation locked state using the last known bypass code(s). It may be necessary to tap Back on the device before being able to proceed with activation if the device is already factory reset.

 

The Show bypass code command reveals the unique activation lock bypass code received by Cisco Meraki from Apple. If the device has already been factory reset and reactivated, at the Activate iPhone/iPad screen, administrators can manually enter the bypass code (without dashes) in the password field and leave the Apple ID field blank

 

 

clipboard_ebcbd7b3bed76d626f1a2e14c52ea0a48.png

 

Bypass Activation Lock - In Bulk

If there are multiple devices Activation Locked which meet the prerequisites, we can attempt to bypass Activation Lock for all devices at once. Click the checkbox to select devices in Systems Manager > Devices. Then choose Command > Bypass Activation Lock. 

massal.png

Only devices that meet the prerequisites and currently have Activation Lock enabled will be attempted:

Screen Shot 2019-06-10 at 1.18.02 PM.png

activationlock-yea.png

Note: Mass Bypass commands are enqueued within Meraki Systems Manager and then sent to Apple. A "Status: Success" on this modal means that the job was successfully enqueued to be bypassed in Meraki Systems Manager. The requests processing between Meraki and Apple may take several minutes after this, depending on the number of devices you are attempting to bypass. Check back on the devices list in a few minutes to confirm that Activation Lock status changes from Enabled to Disabled. If you are having a problem with a particular device, try "Bypass Activation Lock - Single Device" to view any errors on the bypass attempt returned from Apple. 

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1231

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community